UpGuard Tech Articles

SaltStack vs Ansible Revisited

Written by UpGuard | Feb 20, 2017 5:57:00 PM

It's been a while since we last covered these two leading IT automation solutions—suffice to say, both SaltStack and Ansible have evolved significantly since then. Let's take a fresh look at how they compare when it comes to enterprise-grade IT automation and orchestration.

Today's enterprise IT infrastructures are comprised of a complex mix of disparate systems: cloud servers, virtual machines, in-house IT assets, legacy platforms, and more. Managing this complexity via manual efforts is virtually impossible, especially given the high rate of configuration change in the average enterprise environment. This is where IT automation and configuration management (CM) solutions like SaltStack and Ansible come into play.   

At the most basic level, IT automation/CM tools alleviate developers and admins from having to write and manage custom scripts for tasks like standing up servers and pushing out software updates. Unsurprisingly, much of this tooling originated from developers/admins addressing their own day-to-day pain points. The leading DevOps tools have followed a similar trajectory over years, usually starting out as popular open source tools and gradually making their way into the enterprise with visual management consoles (versus CLI-only management), advanced reporting features, third party integrations, and more. This is true of the "big four" IT automation platforms, including SaltStack and Ansible.   


Created by Thomas Hatch in 2011, Salt—now known as SaltStack—is a modular, Python-based CM tool designed for high-speed data collection/execution. The tool has gained considerable traction in the enterprise for its performance benefits over competing solutions, including Ansible.

The SaltStack Enterprise UI. Source: saltstack.com.

SaltStack's speed and performance benefits are made possible by its lightweight ZeroMQ messaging library: a concurrency framework for establishing persistent TCP connections between the server and agents (i.e., Salt master and minions). The platform is available as an open source project or enterprise commercial offering known as SaltStack Enterprise. 


Ansible was developed in 2012 by Michael DeHaan in response to leading IT automation/CM tools' shortcomings, including a dependence on agents and overwhelming focus on the Ruby language; the open source Ansible solution is both agentless and, like SaltStack, based on Python.  

The Ansible Tower UI. Source: ansible.com.

Ansible Tower is the enterprise version that includes a streamlined visual management dashboard, REST API, role-based access control, job scheduling, graphical inventory management, and more. The company was acquired by Red Hat back in October 2015 and is now known as Ansible by Red Hat.  


Side-by-Side Scoring: SaltStack vs. Ansible

1. Capability Set

As open source projects freely available to the general public, SaltStack and Ansible—despite being highly capable IT automation/CM offerings—lack features and refinements that make them enterprise-ready. For these purposes, SaltStack Enterprise and Ansible Tower are available, at a cost.


2. Usability / Learning Curve

Ansible's simplicity and easy-to-follow documentation give it a leg-up over SaltStack in this category; in fact, it's widely regarded as the easiest to use IT automation/CM platform on the market. SaltStack also provides ample documentation for getting up to speed, and it should: the platform poses a significant learning curve to new users, even seasoned DevOps professionals.   


3. Community Support

Both of these IT automation/CM platforms are darlings of the open source community, each boasting a legion of supporters. SaltStack's open source project is currently one of the biggest and most active on GitHub, while Ansible has maintainted its popularity amongst the community, even after being acquired by Red Hat. In October 2016, Red Hat also open sourced its Ansible Galaxy code repository, furthering its committment to the Ansible-focused open source community. 


4. Release Rate

Both platforms have seen regular releases over the years—open source SaltStack follows a date-based system for version numbers (i.e., YYYY.MM.R, R being the bugfix release number increments within that feature release) and is currently on version 2016.11.2, while its Enterprise offering is on version 5. Open source Ansible is currently at version 2.2.1; its enterprise Tower offering is on version 3.


5. Pricing and Support

Related Blog:

I Don't Need to Test My Configurations. My Deployments are Automated

A monitoring system won't troubleshoot a configuration error. A configuration test script will.

Both SaltStack and Ansible are available for free as open source downloads, but more advanced enterprise features will cost you. Ansible Tower starts at $5,000/year without support; subsequent tiers run up to $14,000/year and include 8x5 or 24/7 support. 

Expect a similar enterprise pricing structure with SaltStack Enterprise, though specifics are not available via the company's website. It does note, however, that the Enterprise offering is subscription license priced by managed node and level of support.


6. API and Extensibility

One of Ansible Tower's key features is its well-documented REST API; open source users are relegated to the more basic Python API. Similarly, SaltStack offers a Python client API as well as a limited "no-frills" REST API.


7. 3rd Party Integrations

Both offerings feature an impressive library of integrations. For example, SaltStack offers streamlined interoperability with leading cloud providers such as AWS, Microsoft Azure, Linode, and Digital Ocean, as well as software tools/technologies like Nagios, Docker, and Jenkins, to name a few. Not to be outdone, Ansible also integrates with a myriad of third party offerings, from virtualization tools like VMware and Vagrant to DevOps solutions such as GitHub and TeamCity.


8. Companies that Use It

Both SaltStack and Ansible have a solid footing in the CM/IT automation space: some of SaltStack's customers include LinkedIn, Comcast, Rackspace, and NASA, to name a few, while Ansible claims Atlassian, Cisco, EA Sports, Allegiant, NASA, and Verizon as some of its marquee customers.


9. Control Capabilities

Both SaltStack and Ansible are battle-tested, powerful IT automation/CM platforms, trusted by the world's largest enterprises for rolling out system changes en masse. As mentioned previously, SaltStack Enterprise's ZeroMQ messaging data bus gives it significant speed advantages, while Ansible's lightweight, agentless architecture make it more lightweight and easier to manage.



SaltStack's 836 CSTAR scorewhile good, falls short of ideal due to a handful of security flaws, namely lack of HTTP strict transport security and missing DMARC/DNSSEC. Similarly, Ansible's 828 CSTAR score is good, but nonetheless flawed as a result of flaws like missing sitewide SSL, disabled HTTP strict transport security, and lack of DMARC/DNSSEC.



Scoreboard and Summary

  SaltStack Ansible
Capability Set
Usability / Learning Curve
Community Support
Release Rate
Pricing and Support
API and Extensibility
3rd Party Integrations
Companies that Use It
Control Capabilities

Total  4.3 out of 5 4.6 out of 5

SaltStack and Ansible have come a long ways since their humble beginnings as open source DevOps tools—even today, the two offerings can't be beat for their powerful low/no-cost IT automation and CM capabilities. And enterprises can't go wrong with either Ansible Tower or SaltStack Enterprise, though for speed and performance, users may want to opt for the latter. In contrast, Ansible Tower is better suited for organizations looking for a lightweight, agentless automation solution that's easy to get up to speed with and manage.

More Articles

Datadog vs. New Relic

Monitoring tools have come a long way since the early days of Big Brother. Today's solutions have evolved into powerful software troubleshooting and performance analytics platforms capable of deconstructing and analyzing the entire application stack—infrastructure up—for bugs and issues.



Cisco vs. FireEye for Continuous Security

Who provides better continuous security: the world's largest maker of networking equipment or the first cybersecurity firm certified by the U.S. Department of Homeland Security?

Read Article >

AlienVault vs. Tenable for Continuous Security

As perimeter-based cyber protection falls to the wayside, a new breed of continuous security solutions are emerging that combine traditional endpoint protection with newer technologies like security information and event management (SIEM) and crowdsourced threat intelligence.

Read Article